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Dr. Alexander Dix 

Dr. Alexander Dix, LL.M. (Lond.), was elected Commissioner for Data Protection 
and Freedom of Information by the Berlin State Parliament in June 2005. He was 
Commissioner of the State of Brandenburg for seven years and has 22 years 
experience in data protection and has published extensively. A specialist in 
telecommunications and media, he chairs the International Working Group on 
Data Protection in Telecommunications ("Berlin Group"). He is also a member of 
the Art. 29 Working Party of European Data Protection Supervisory Authorities, 
where he represents the Data Protection Authorities of the 16 German States 
(Lander). A native of Bad Homburg, Hessen, he graduated from Hamburg 
University with a degree in law in 1975. He received a Master of Laws degree 
from London University after studies at the London School of Economics and 
Political Science in 1976, and a Doctorate in law from Hamburg University in 
1977. 

Ms. Eloise Gratton 

Gratton is a partner at McMillan Binch Mendelsohn where she practices law in 
the areas of commercial law and information technology. Prior to joining the firm, 
she acted as Director of Corporate & Legal Affairs for a wireless marketing 
company. She serves as head of the Legal Council of the Toronto-based Society 
of Internet Professionals. As a member of the Mobile Marketing Association 
Privacy & Consumer Acceptance Committee, she actively participated in drafting 
privacy guidelines for the mobile marketing industry. She acts as Vice-chair of 
the Canadian IT Law Association Ad hoc Privacy Committee and is Senior 
Consultant (for Quebec) of the Canadian Privacy Institute. Ms. Gratton speaks 
frequently at national and international technology conferences and is a 
published author on emerging technologies and legal matters. She is the author 
of the CCH book entitled Internet and Wireless Privacy: A Legal Guide To Global 
Business Practices. 

Dr. David Lyon 

David Lyon is the Principal Investigator of the Globalization of Personal Data 
Project and the Director of the Surveillance Project at Queen’s University. 
Professor Lyon has been working on surveillance issues since the 1980s, when 
he discussed surveillance as one of the key issues of information-based societies 
in The Information Society: Issues and Illusions (Polity 1988). Since then he has 
been involved in many debates over information politics and policy in Canada 
and around the world as a result of his research and publications including The 
Electronic Eye (1994), Surveillance Society (2001) and Surveillance after 
September 11 (Polity 2003). 

He is a founding editor of the e-journal Surveillance and Society and has 
particular research interests in national ID cards, aviation security and 
surveillance and in promoting the cross-disciplinary and international study of 
surveillance. He is currently preparing Identifying Citizens: Software , Social 
Sorting and the State for Polity Press (2008). 

Dr. Michael G. Michael 

Dr. Michael G. Michael, Ph.D., MA(Hons), MTh, BTh, BA is a theologian and 
historian who brings a unique perspective on Information Technology and 
Computer Science. Presently he is an honorary fellow in the School of 
Information Systems and Technology, at the University of Wollongong, Australia. 
He is the former coordinator of Information & Communication Security Issues and 
since 2005 has guest-lectured and tutored in Location-Based Services, IT & 
Citizen Rights, Principles of eBusiness, and IT & Innovation. He has presented 
papers at numerous IEEE conferences including the International Conference on 
Mobile Business , the International Conference on Mobile Computing and 
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Ubiquitous Networking , and RFID Eurasia. He is currently co-authoring a book 
titled, innovative Automatic Identification and Location-Based Services: From Bar 
Codes to Chip Implants. Alongside Dr Katina Michael he has introduced the 
concepts of ‘uberveillance’ and ‘electrophorus’ into the privacy and bioethics 
literature. 

Mr. John B. Morris, Jr. 

John B. Morris, Jr. is General Counsel at the Center for Democracy & 
Technology, and the Director of CDT's "Internet Standards, Technology and 
Policy Project." Prior to joining CDT in 2001, Mr. Morris was a partner in the law 
firm of Jenner & Block, where he litigated groundbreaking cases in Internet and 
First Amendment law. As part of CDT's "Standards Project," Morris has actively 
participated in the work of the Internet Engineering Task Force, including the 
"GeoPriv" group working on location privacy in wireless and voice over IP 
contexts. 

Mr. Morris received his B.A. magna cum laude with distinction from Yale 
University and his J.D. from Yale Law School, where he was the Managing Editor 
of the Yale Law Journal. Following law school, he worked as a staff attorney at 
the Southern Center for Human Rights in Atlanta, Georgia before joining Jenner 
& Block in 1990. 
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Paper commissioned by the Office of the Privacy Commissioner of Canada. The 
views and opinions contained in this document are those of the author and do not 
necessarily reflect the views and opinions of the Office of the Privacy 
Commissioner of Canada nor of the Government of Canada. 

Ubiquitous Computing: Geo-tracking Workshop 

A background paper for the 29th International Conference of Data Protection and 
Privacy Commissioners 

Longitude and Latitude: location technologies and 
privacy concerns 

When Marco Polo set out on his voyages of discovery, most of the world was 
literally Terra Incognita- unknown and unmapped. Today, every part of the 
Earth’s surface has been mapped and new location-based technologies can 
pinpoint someone’s location within 10 to 20 metres, almost anywhere on Earth. 
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This paper serves as a resource document for the Geo-tracking Workshop. It 
describes location technologies and their various applications so as to explore 
the inherent privacy issues, particularly those involving tracking or surveillance of 
individuals. Workshop attendees are invited share their own concerns and 
insights about location tracking and how best to ensure that rights to control 
personal location information are solidly entrenched as tracking technologies 
expand in the marketplace. 

What is surveillance? 

Surveillance, as defined in A Report on the Surveillance Society, is any 
"purposeful, routine, systematic and focused attention paid to personal details, 
for the sake of control, entitlement, management, influence or protection.'-When 
accomplished through automated means, it is sometimes referred to as 
"dataveillance".- Location technologies that can pinpoint the whereabouts of a 
person or object are critical elements of dataveillance. 


What are location technologies? 

A 2005 paper published by Canadian researchers who are working on the 
Queen’s University Surveillance Project defines location technologies as 
technologies that meet three specific criteria. They can pinpoint locations, they 
can report these continuously, and they can do it in real time.- 

In other words, they can locate objects equipped with location-tracking devices at 
any time and without interruption provided the devices are turned on, emit 
tracking signals and the signals are accessible. 

The Queen’s researchers considered two technologies predominant in current 
location tracking applications: those that locate a cellular telephone or similar 
wireless device through technology that can be deployed in a cellular phone 
network; and those that can locate a GPS (Global Positioning System) receiver. 

Nevertheless, other technologies have been or could be used to track individuals’ 
movements, but more sporadically. For example, in the UK, which already has 
the highest concentration of closed circuit television (CCTV) systems for 
surveillance, Automated Number Plate Recognition (ANPR) technology is a 
rapidly advancing policing and surveillance tool. 

Conventional CCTV systems can also be used for more precise tracking of 
individuals using facial recognition software. By its nature, facial recognition is 
not ubiquitous as it depends upon individuals being continuously in plain view of 
successive video cameras. 

Radio-frequency identification (RFID) chips are another potential location 
tracking technology. They have become increasingly smaller and cheaper, 
leading to greater expectations of their use in individual products. RFID chips are 
now widely used to track shipping containers and pallets at ports and in 
warehouses, and are now embedded in individual products, including articles of 
clothing. They can track employees within company premises and monitor 
vehicle use on toll highways. 

Katherine Albrecht and Liz McIntyre, in their book Spychips, paint a disquieting 
picture of a future world where billions of items contain RFID chips and "the 
whereabouts of everything and everyone will be known at all times and 
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accessible to anyone with access to the databases, authorized or otherwise".- 

Such a surveillance capability would depend upon a massive network of 
interconnected RFID readers, since passive RFID devices have a limited reading 
range of a few centimetres to a few metres.- However, RFID tags embedded in 
identity documents such as drivers’ licenses, immigration visas and passports will 
permit the intermittent tracking of individuals as they move through RFID-reader 
equipped checkpoints. The ultimate example of personalization of these devices 
is implanting them in humans tor identification, to store emergency medical 
information, and even to replace the need for cash or a credit card when visiting 
a club. 

Another intermittent surveillance technology is Wi-Fi Positioning Systems (WPS) 
which enable Wi-Fi network operators to pinpoint the location of wireless signal- 
emitting devices such as laptop computers to within 20 to 40 metres. The base of 
wireless computing users is growing exponentially, providing an exceptional 
opportunity for new commercial location-based services, but also increased 
dataveillance. 

This paper will briefly consider the geo-tracking privacy issues associated with all 
of the above technologies, under the following headings: 

• Cell phones and location information for emergency response and 
commercial applications 

• GPS location tracking in commercial fleet management and in personal 
vehicle use 

• Automated Number Plate Recognition (ANPR) and advanced CCTV 
tracking systems used for public surveillance 

• The tracking potential of RFID technologies 

• WPS and the tracking of computers and other wireless personal devices. 

Cell phones and location information for emergency 
response and commercial applications 

The technology 

With the rapid growth in cellular telephone use, emergency services providers 
(known as Public Safety Answering Points or PSAPs) began demanding that 
cellular phones offer the same functionality as wireline telephones so police, fire 
and ambulance services could better locate wireless emergency calls. The first 
requirements for what is known as wireless E911 originated in the United States 
and required the introduction of new tracking technologies in the cellular phone 
network. 

The rollout of wireless E911 in the United States, Canada and other countries 
has occurred in stages. In phase 1, network operators were required to provide 
PSAPs with limited cell/sector directional information and the cellular phone 
number of the caller. However, this information had little value in locating a caller, 
and was used primarily to identify the service to which the call should be routed. 

In the second phase (required under revised U.S. Federal Communications 
Commission (FCC) rules), wireless carriers were expected to employ network- 
based location technologies to locate the mobile phone user within 50 metres for 
67 per cent of 911 calls, and 150 metres for 95 per cent of calls.® 
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Ultimately, network-based technologies were incapable of meeting this accuracy 
standard and wireless carriers turned instead to GPS-equipped phones which 
can provide location information to within a few metres if there is clear line of 
sight to GPS satellites. Other solutions use a hybrid of GPS-equipped phones 
and signal processing within the network to better identify the caller’s location to 
within 10 metres.- 

In Canada, phase 2 location tracking is now in field trials while, in the U.S., more 
aggressive FCC deadlines have pushed U.S. carriers into full implementation in 
some communities. (In the U.S., a request from a PSAP is required for 
implementation of Phase 2 wireless E911 within a particular jurisdiction.) El 12 is 
also being rolled out throughout the European Union, with phase 1 ubiquitous in 
theory by 2003 and higher performance location services expected to penetrate 
the market by 2006.- In reality, many EU countries have not yet begun to 
implement cellular location tracking, which has resulted in infringement 
proceedings against 11 EU members.- 

The privacy implications 

E911 services: Historically, the use of wireless location services for E911 
purposes has generated little documented privacy concern as the benefits 
seemingly outweighed any associated privacy loss. Users of GPS-enabled 
phones can turn off the positioning capabilities, while network operators can 
restrict the use of location technologies to situations where a caller has dialled 
911.— Contractual and regulatory rules can also bind PSAPs on their use of 
location information. 

However, mounting concerns about cyber-crime and terrorist activities have now 
shifted the balance of national security and privacy and expanded the interest in 
collection and use of location information.— U.S. policy makers and regulators, in 
particular, have been seized with the importance of wireless location services 
following 9/11. 

One report on E911 implementation in the U.S. stated: "the increased emphasis 
being placed on homeland security, the critical role played by E911 systems and 
services in assuring homeland security, and the increased dependence on 
wireless networks, make the automatic provision of location information with 
wireless emergency calls as much a national priority as a local one".— 

Law enforcement and security access: The legal basis for U.S. law 

enforcement agencies to obtain mobile phone users’ location information was 
established in the Communications Assistance for Law Enforcement Act 
(CALEA)i^. The act directed the telecommunications industry to design, develop 
and deploy solutions to meet law enforcement requirements to conduct lawfully- 
authorized electronic surveillance. Location information protocols developed 
under CALEA permit law enforcement agencies—with a court order—to obtain 
whatever caller location information a wireless carrier is able to produce.— 

Privacy advocates have raised concerns about potential lowering of standards for 
law enforcement agencies to obtain such information following passage of the 
USA PATRIOT ACT which expanded FBI surveillance powers. In 2005, two U.S. 
magistrates (in separate decisions) ruled that permitting the FBI and other police 
agencies to track the location of cell phone users under this Act under a routine 
tracking order, without showing some evidence of actual criminal activity, violated 
constitutional rights of protection against "unreasonable search and seizure."!^ 
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More recently, in 2006, a different judge determined that the FBI could monitor 
the location of Americans by constantly tracking their cell phone signals without 
providing evidence of criminal activity.— 

In Canada, similar privacy concerns have been expressed about a proposed law 
to strengthen Canadian law enforcement intercept capabilities, including to obtain 
wireless location information under a production order where the police have 
"reasonable grounds to suspect" criminal activity. In response, Privacy 
Commissioner Jennifer Stoddart noted a former Supreme Court Justice’s view 
that the day has now finally arrived when a device has been developed "that will 
be able to track our every movement for indefinite periods even without visual 
surveillance"—. She urged that, at the very least, such unseen, ubiquitous and 
precise tracking capability should only be permitted on a higher threshold of 
"reasonable grounds to believe" rather than "reasonable grounds to suspect".— 

One of the privacy concerns about law enforcement location tracking is that it 
introduces "wholesale surveillance." As U.S. privacy and security expert Bruce 
Schneier has written: 

"Years ago, surveillance involved trench-coated detectives 
following people down streets. It was laborious and expensive, 
and was only used when there was reasonable suspicion of a 
crime. Modern surveillance is the police officer sitting at a 
computer with a satellite image of an entire neighborhood. It's the 
same, but it's completely different. It's wholesale surveillance."!^ 

James Dempsey, Policy Director with the U.S.-based Center for Democracy & 
Technology, likened the implementation of E911 to turning cell phones into ankle 
bracelets, and called for stronger constitutional restrictions on law enforcement’s 
ability to obtain court orders for location data.^ 

David Lyon, Stephen Marmura and Pasha Peroff of the Queen’s University 
Surveillance Project have also pointed out the potential of E911 mobile phone 
location data to be used for greater police surveillance. 

"It seems equally likely that the continued development of [this] 
system in Canada will provide law enforcement in this country 
with ever more precise and revealing data on individuals 
suspected of committing illegal acts. At the same time, such 
developments will likely go unnoticed by many or most citizens."— 

Consumer malaise: Lack of citizen concern about location tracking may become 
a more important issue as organizations, particularly communications carriers, 
offer commercial services based on mobile telephones. So far, services such as 
vehicle tracking for fleet operators are focussed on commercial users. However, 
as more precise location information becomes available, it will offer opportunities 
for location-based text messaging and advertising to consumers, as well as 
services aimed at finding individuals, such as child-locator or friend-locator 
services. Australian location services privacy expert Dr. Katina Michael, in fact, 
describes location-based technologies as a "cultural-changing force" where 
"pervasive computing will become a dominant force in the way we live, work, and 
interact with one another".— 

As David Lyon and his colleagues point out, "the opportunities to develop new 
revenue options and pitch services directly to individual needs are endless, and 
could become increasingly attractive as LBS (location-based services) is 
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integrated with a ‘rise in complementary technologies such as digital mapping 
and wireless communications peripherals’."— 

In Internet and Wireless Privacy, Eloi'se Gratton cites research that consumer 
location services based on E911 technology could account for 40 per cent of a 
carrier’s mobile data services revenue by 2007.— Ms. Gratton identified such 
services as emergency roadside assistance, mapping and security services for 
vehicles, proximity-based advertising, a friends finder service, M-commerce at 
point of sale, and even M-dating where your cell phone location helps a 
prospective partner locate you. 

Useful v intrusive: A 2003 study suggested that individuals’ concerns about the 
intrusiveness of mobile phone-based location services went down as the 
usefulness of the service went up. For example, of four proposed services, study 
participants considered most "privacy invasive" one that would allow a retailer to 
send a message suggesting it was time for lunch whenever a mobile phone user 
passed a restaurant. Considered less invasive were services that would 
automatically set the ring function to silent mode whenever the user attended a 
meeting, went to class, went to a movie or entered a restaurant. A service ranked 
highly useful but also highly intrusive would tell users the location of predefined 
friends, provided they also had mobile phones.— 

Where to go from here? 


The introduction of new mobile phone-based location services raises several 
important questions: 

• What level of notice and consent should be required before carriers may 
use or disclose location information to third parties for commercial 
purposes? 

• Under what conditions should law enforcement agencies have access to 
location information for surveillance purposes and what safeguards are 
required to prevent abuse of such access? 

• What privacy solutions provide users greater control over their location 
information when using cellular phones or similar devices? 


GPS location tracking in commercial fleet management 
and in personal vehicle use 

The technology 

The Global Positioning System (GPS) provides accurate location and timing data 
to users worldwide using 24 satellites and sophisticated signal triangulation 
technology. GPS is vital to commercial aviation and marine transportation, 
surveying and mapping, and a growing number of other commercial applications. 

Originally developed as a military system, the Pentagon first made GPS available 
for commercial use under a selective availability policy which restricted signal 
accuracy to within 30 metres. On May 1,2000, this signal degradation feature 
was turned off allowing civilian users to pinpoint locations with up to three metre 
accuracy. GPS is available free of charge, worldwide for peaceful civil, 
commercial and scientific applications. 

To end reliance on the U.S system (which the Bush Administration has stated 
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could be selectively disabled to prevent use by terrorist groups or hostile 
nations^), the European Union and European Space Agency are planning a 
competitive system known as GALILEO. However, disputes among European 
firms building the €3.2 billion project are likely to delay commercial operations 
until well after 2010.— 

There are close to two million GPS/wireless devices in use in the U.S alone, 
monitoring fleet vehicles, trailers, construction equipment and mobile workers. 
The number is expected to grow to close to six million by 2009.— One analyst 
has predicted the number of commercial GPS users in the U.S. will reach nearly 
70 million by 2011 

The privacy implications 

Two GPS applications have raised privacy concerns in recent years. The first is 
the growing use in fleet management systems to compute precise location of 
company vehicles, whether the vehicles are stationary or moving, and the speed 
and direction of travel. This data is often combined with vehicle diagnostics data 
and maintenance schedules to improve fleet efficiency. A linked use is other 
employee tracking, such as providing workers with GPS-equipped cell phones in 
order to monitor their location offsite. 

The second application is the growing use of GPS technology in personal 
vehicles, including car rentals. A 2002 GPS world markets study estimated that 
in-vehicle navigation and telematics services would be the largest GPS market 
segment by 2006, accounting for 41 per cent of all GPS use. 30 

Commercial vehicles/employee tracking: Employee tracking and use of GPS 

to track company vehicles has raised numerous privacy issues. In Canada, in an 
important finding under the federal Personal Information Protection and 
Electronic Documents Act , the Office of the Privacy Commissioner determined 
that 

1. employee consent was required to collect GPS location data that could 
be associated with an individual employee (although such consent could 
be implied through the employment relationship), and 

2. the purposes for collecting such data must be reasonable.^! 

Reasonable purposes included asset protection and management, worker safety, 
and improved productivity by integrating GPS with the vehicle dispatch system. 

However, the Office concluded that "performance management" of individual 
employees via inferences drawn from GPS data was overly privacy invasive and 
therefore in contravention of the law. The Commissioner stated that "[Wjhile 
using GPS to track a vehicle is not overly privacy invasive, routinely evaluating 
worker performance based on assumptions drawn from GPS information 
impinges on individual privacy."— 

In the U.S., where worker privacy rights are poorly protected by state or federal 
laws, only the State of Connecticut has legislation requiring employers that 
conduct electronic monitoring to post a notice in the workplace. In civil litigation, 
however, courts have set limits on employee surveillance outside the workplace, 
ruling that it must be reasonable, unobtrusive and for a job-related purpose.— 
Employers are, nevertheless, within their legal rights to use GPS monitoring 
within the workplace, subject to worker ability to limit use through labour actions. 
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For example, the Teamsters Union won a battle with UPS that prevented the 
company from using GPS tracking for discipline purposes. 3 ^ 

In the European Union, where the EU Directive— requires employment 
information be protected under law, countries have developed guidelines on 
location monitoring. For example, the UK Information Commissioner has 
published guidelines specifying that employers must consider whether the 
benefits of monitoring justify the adverse impact. The guidelines add that, where 
private use of a vehicle is allowed, monitoring its movements when used 
privately, without the freely given consent of the user, will rarely be justified. The 
Commissioner recommends a ‘privacy button’ or other arrangement that allows 
the monitoring to be disabled. 3 ^ 

Monitoring private vehicles: GPS devices have also found widespread use in 
private vehicles for mapping and manufacturer support services. General Motors’ 
OnStar system, for example, is now used by more than four million subscribers 
and provides a platform for a range of new location-based services such as 
location-based advertising. As early as 2001, OnStar President Chet Pluber 
explained how in-vehicle, location-prompted marketing might work: 

"At some point, you would set up your profile and all of the things 
you're shopping for - maybe not urgently shopping for but they're 
on your to-buy list - will get bounced against the database. You’ll 
be driving along and it will say, ‘Oh, by the way, within three miles 
of where you are now, that DVD player you said you wanted is on 
sale at Circuit City.’"— 

While such location-based marketing would ostensibly be based on customers 
setting up profiles and consenting to sharing data with marketers, privacy 
advocates have raised questions about such services. 

Beth Givens, founder of the Privacy Rights Clearinghouse, observed that, with 
the growing number of monitoring systems, "Now, the car is Big Brother".— 

The event that shone the spotlight on auto monitoring was Acme Rent-a-Car’s 
practice of using GPS to monitor its customers’ driving speeds, then fining them 
directly if they exceeded 126 Km/h (79 mph). Details of the monitoring were 
hidden in the fine print of the rental agreement. In one widely reported incident, 
Acme docked a customer $450 for speeding three times. A Connecticut court 
ordered Acme to stop this practice and pay back about $12,000 in fines it had 
collected since the monitoring began. 


Where to go from here? 


• To what extent is employee and customer surveillance reasonable or 
warranted? 

• Flow should GPS system operators provide notice of monitoring and how 
should they obtain consent for such practices? 

• Under what conditions should location data be made available to third 
parties, including law enforcement agencies? 

ANPR and advanced CCTV tracking systems used for 
public surveillance 
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The technology 

ANPR systems: Automated Number Plate Recognition (ANPR) technology, 
which the UK is now rolling out as a nation-wide policing and surveillance tool, is 
just one example of how video surveillance systems are being adapted with 
advanced digital surveillance features. 

The UK ANPR system records license plate numbers using optical character 
recognition technology combined with digital cameras mounted in police vehicles, 
or in conjunction with existing CCTV systems. In a pilot project by 23 police 
departments underway since 1994, ANPR proved capable of checking up to 
3,000 number plates per hour of vehicles traveling up to 160 Km/h. Newer 
infrared cameras produce an accuracy rate of 95 per cent. The Home Office is 
now implementing a national program and establishing a national vehicle 
intelligence data warehouse. Under such a system, every vehicle using public 
roadways could be recorded as it passed by strategically located ANPR 
cameras.— 

Facial recognition systems: Another example of advanced video surveillance is 
the use of facial recognition technology. In 2001 Dr. Ann Cavoukian, Ontario’s 
Information and Privacy Commissioner, investigated the use of such technology 
in Ontario’s eight casinos which are regulated by a public body, the Ontario 
Alcohol and Gaming Commission.— 

The casinos used a facial recognition technology developed by Biometrica 
Systems Inc. and a database of known and suspected casino cheats. Casinos 
also had access to a computer network that allows North American casinos to 
rapidly communicate with each other about suspected cheaters. Ontario casinos’ 
use of this technology was overseen by specially trained police officers who only 
accessed the facial recognition software database when they had reasonable 
suspicion that an individual was engaging in criminal activity. 

The privacy implications 

The Commissioner concluded that this use of facial recognition technology 
coupled with video surveillance complied with the province’s privacy legislation. 
However, she also determined that a privacy impact assessment should have 
been conducted before the system was introduced and notices should be posted 
in casinos to advise patrons that police may be collecting their personal 
information by both video surveillance and face recognition technology. 

Ms. Cavoukian also pointed out that this use of biometrically enhanced video 
surveillance is a far cry from the type of enhanced scanning used in other public 
environments. She cited the scanning by Tampa, Florida police of faces of an 
estimated 100,000 fans and workers at the 2001 SuperBowl. The images were 
digitally scanned and covertly compared to an extensive, customized database of 
known felons, terrorists and con artists.— 

The American Civil Liberties Union (ACLU) was extremely troubled by this event 
and the announced use of facial recognition software for other public surveillance 
projects. The ACLU observed that it was "unprecedented expansion" in high-tech 
surveillance and the technology should not be used to create a "virtual line up" of 
Americans who are not suspected of having done anything wrong.— 

This led New York lawyer Mark Milone to ask, in an article about biometric 
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surveillance, "How many times a day do we want to be the subject of a lineup 
when we leave our homes?".— 

Stating that such advanced surveillance facilitates the tracking of individuals, 
potentially on a national scale, Mr. Milone called for governments and industry to 
pay closer attention to the risks of such surveillance technology. 

Integrating databases and surveillance systems: The technological capacity 
for biometrically-enhanced surveillance is increasing at a relentless pace. While 
systems now in place are geographically limited - for example, New York’s 
Statue of Liberty now incorporates a facial recognition system linked to a U.S. 
database of terror suspects— - the time may come, as the ACLU warns, when 
the entire life of a city could be monitored, with vast databases of stored imagery 
that can be scanned with facial recognition technology to identify people, learn 
where they have been and perhaps even where they are at the present 
moment.— 

The prospect of a Europe-wide database of passport, visa and residence permits 
has also prompted several European data commissioners to comment that such 
a system risks "becoming a mass surveillance infrastructure tracking the 
movements of all residents and citizens".— 

The same can be said of any type of advanced surveillance system that relies on 
readily observable but uniquely identifiable information such as license plates 
and facial characteristics which can be linked to a specific location. 

Where to go from here? 

The privacy community needs to consider what positions it will take and what 
concerns it will raise as such systems inevitably expand in scope and use. 

• Should system controllers be required to establish reasonable grounds 
for extensive surveillance systems? 

• Is advising the subjects the only constraint on use of these systems? 

• Are there situations when surveillance systems are too fundamental an 
invasion of privacy? 

The tracking potential of Radio Frequency Identification 
(RFID) systems 

The technology 

RFID systems are an automated identification method that relies on storing and 
retrieving data from RFID tags using radio waves. The tags are miniaturized, low 
cost transmitters with varying reading ranges that can be embedded in products, 
vehicles, animals—and even humans. The tags can be "promiscuous", meaning 
they can be read by any RFID reader; or secure, requiring some type of 
password or authentication. 

Implanting in humans has generated the most attention as a potential location 
tracking technology. In 2004 the Chicago Sun-Times reported that at least 160 
federal prosecutors and investigators working for Mexico’s Attorney General 
Office had received subcutaneous chip implants, with key members of the 
military, police and even staff in the President’s office to follow.— 
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In Canada, RFID tags have replaced bar codes for tracking cattle destined for 
slaughterhouses, and for vehicle tracking on toll highways in two provinces. But, 
at least so far, government have not used them in any widespread public 
applications. 

The U.S. has considered their use for border security purposes, including a 
Department of Homeland Security request (since dropped) for information from 
commercial vendors for RFID tracking capabilities that could locate and identify a 
tag, with 100 per cent accuracy, inside a car, truck or bus from 25 feet away, 
while the vehicle was travelling as fast as 88 Km/h (55 mph).^S 

Considerable attention has been paid to the commercial uses of RFID tags, 
especially Wal-Mart’s efforts to advance their use in supply chain management. 

The privacy implications 

Use of RFID systems in any purposeful applications designed to track individuals’ 
movements has been slow to materialize, at least outside of an employment 
context. Nevertheless, privacy advocates remain concerned about the ability to 
link private and public RFID reader networks and databases for ubiquitous 
surveillance. 

Researchers at the Queen's University Surveillance Project point out that RFID 
tags, with their relatively limited reading distance, cannot by themselves be used 
to track locations continuously or in real-time.— However, U.S. law professor 
Jonathan Weinberg suggests information sharing among operators of discrete 
reader networks could create a massive shared network which becomes a 
"Panopticon geolocator".5Q 

Privacy activists also point out that the capacity of Electronic Product Code 
(EPC) tags is such that all objects around the globe could be uniquely identified, 
enabling the development of a global tracking and profiling infrastructure.^-The 
key factor that permits such ubiquitous tracking is that most RFID chips are 
designed to be promiscuous. 

Simson Garfinkel and Henry Holzman have explained that the vast majority of 
chips deployed so far are promiscuous because this approach is less expensive 
and the systems are easier to manage. The authors contrast these with secure 
tags, which only respond when a password or other authentication is provided, 
require passwords or encryption codes to be distributed in advance and properly 
controlled, creating an exceedingly difficult management problem.^ 

Professor Colin has also observed that location tracking can predict the trajectory 
of an individual, helping to ascertain not only where the individual is at a given 
moment, but also the individual’s likely destination. He states that a person may 
be very concerned that others would discover the end point of their journey. 
Equally important, he points out that current location technology is simply not 
sufficiently refined to connect identifiable individuals with precise geo-spatial 
coordinates, which can result in erroneous linkage of persons to locations.^ 

The privacy community, especially data commissioners and policy makers, have 
begun to address RFID location-tracking issues. 

In 2003, a resolution, adopted at the 25th International Conference on Data 
Protection and Privacy Commissioners, advocated permitting individuals to 
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delete data or destroy RFID tags in their possession. The resolution also stated 
that "[T]he remote reading and activating of RFID tags, without any reasonable 
opportunity for the person in possession of the tagged object to influence this 
process, would raise additional privacy concerns".^ 

In a 2005 working document, the Article 29 Data Protection Working Party noted 
the capability of RFIDs to "surreptitiously collect a variety of data all related to the 
same person; track individuals as they walk in public places (airports, train 
stations, stores); enhance profiles through the monitoring of consumer behaviour 
in stores; read the details of clothes and accessories worn and medicines carried 

by customers".^ 

A subsequent policy framework for a 2006 European Commission workshop on 
RFID issues sought to identify the types of applications with privacy and data 
protection implications; address how proper usage of RFID technology can be 
ensured, including through self regulatory practices, additional legal provisions or 
other compliance mechanisms; and discuss privacy enhancing technologies for 
RFID deployment.— 

Domestically, data commissioners have also moved on setting standards for use. 
For example, both Canadian Privacy Commissioner Jennifer Stoddart and 
Ontario Information and Privacy Commissioner Ann Cavoukian have developed 
industry guidelines and continue consulting industry and government on 
appropriate uses of RFID which may collect personal information. 

European data commissioners in Germany (the Federal Commissioner), Italy and 
the United Kingdom have all issued detailed guidance on RFID use, with 
consumer consent required for continued activation of chips after a customer has 
purchased an RFID-equipped product, and express prohibitions on unauthorized 
monitoring of people’s movements. 

Questions remain, however, about how effective such guidelines will be and 
whether widespread RFID deployment will indeed usher in an age of ubiquitous 
and invisible tracking, including use of such devices for police or security 
intelligence purposes. 

Where to go from here? 

• Are concerns about ubiquitous RFID tracking realistic or overblown as 
industry groups have repeatedly stated? 

• Are voluntary guidelines or existing laws sufficient or do we need specific 
new laws to govern RFID use? 

• Is specific technology—such as a mandatory "kill function" on RFID 
tags—required to protect public interests? 

• Should individuals who refuse RFID tracking be legally entitled to 
equivalent non-RFID-based services and products? 

Wi-Fi Positioning Systems: tracking wireless personal 
devices 

The technology 

"Wi-Fi" (short for wireless fidelity) is a term developed by the international Wi-Fi 
Alliance to describe wireless local area network products that are based on 
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common technical standards and allow users of wireless devices to have 
broadband Internet communications in public areas or "hotspots". 

According to the Wi-Fi Alliance, by 2007 the number of Wi-Fi networks or public 
access "hotspots" is projected to number 530,000 in the United States, almost 
800,000 in Europe, and more than a million in Asia.— 

Linked to the growing number of public places where people can use laptop 
computers and other wireless devices, is the growth of Wi-Fi Positioning Systems 
(WPS) which can pinpoint the location of wireless devices to within 20 metres. 
One U.S. company, Skyhook Wireless, Inc., now has WPS coverage in major 
U.S. cities equating to 70 per cent of the U.S. population base, and is now 
expanding into Canada and Europe. Skyhook has also introduced Loki, a toolbar 
that provides location-based services to Wi-Fi users. 

WPS can also be used inside buildings, where research suggests accuracy is 
possible to within one to three metres of a Wi-Fi equipped device.— Intel has set 
a goal of developing one-metre accuracy for both indoor and outdoor 
applications.— 

WPS works by measuring the time it takes for signals to travel from every Wi-Fi 
access point that responds to a device’s initial "who's-there” request. The more 
access points there are in a geographic area, the more accurate the 
measurement will be. It takes about two seconds for WPS to compute a user’s 
location. 

WPS has distinct advantages over other location technologies (including GPS) in 
dense urban locations as it does not require direct line of sight to a satellite. 

Some commercial services are being offered that combine both WPS and GPS, 
to provide ubiquitous location tracking in urban, suburban, rural and remote 
areas. 

The privacy implications 

The privacy concerns about the tracking capability have become more 
pronounced as municipal Wi-Fi systems are beginning to provide large-scale 
wireless access to the Internet in urban centres. The City of San Francisco’s 
announced plans for a municipal Wi-Fi system prompted questions from such 
privacy groups as the Electronic Frontier Foundation (EFF), American Civil 
Liberties Union (ACLU) and Electronic Privacy Information Center (EPIC). They 
asked "Will users be tracked from session to session, creating an archive of their 
online activity? Will the Wi-Fi service provider try to commercialize the data? Will 
the data be protected from interception by others?”®®. 

Discussions led to an agreement between the city and contracted service 
provider EarthLink Inc. that includes a comprehensive privacy policy to prevent 
sharing of any Wi-Fi-generated personal information without "voluntary 
affirmative consent of the user". The agreement also provides users with the right 
to opt-out of any collection of location information, except for criminal 
investigation, national security and civil legal proceedings.®! These contract 
provisions, however, may do little to satisfy civil society groups. 

At heart is the ability of corporate interests (in the case of civil suits), law 
enforcement and national security agencies to use location information to track 
and potentially uncover the identities of individuals seeking to preserve their 
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privacy rights or even constitutionally protected rights of free speech. For 
example, civil society groups cite American courts as having recognized that 
Internet users "who have committed no wrong should be able to participate 
online without fear that someone who wishes to harass or embarrass them can 
file a frivolous lawsuit and thereby gain the power of the court’s order to discover 
their identities".^ 

With the heightened tension between privacy rights and security interests, the 
outstanding question in the case of municipal Wi-Fi systems is how far network 
operators will go to protect privacy interests in the face of legal demands to hand 
over location or other identifying information. 

Other solutions to managing location privacy may result from the development of 
new privacy rules for location-emitting devices. The Internet Engineering Task 
Force (IETF) Geographic Location/Privacy Working Group (Geopriv WG) has 
created a set of standards for sending location information over the Internet that 
incorporates privacy rules. The PIDF-LO (Presence Information Data Format - 
Location Object) privacy rules are designed to give users of location-emitting 
devices some control over how long location information can be retained by a 
third party and whether consent is provided for retransmitting this information.— 

In a recent article, John Morris, Director of the Center for Democracy & 
Technology (CDT) Internet Standards, Technology and Policy Project, (who 
helped develop this standard) gives an example of how it might work. A wireless 
device user might send a message to a host server asking "Where is the closest 
Starbucks to where I am right now?" Depending on the user’s privacy settings, 
the host could be required to respond to this query and then immediately discard 
the location information.— 

Development of a more robust privacy framework is underway which will, in 
theory, give users considerable control over who can access location information 
and for what purposes. At the same time, users could define how granular the 
information can be - for example, an exact location or just that the user is in a 
particular city. Mr. Morris explains, "Geopriv offers the opportunity to convey fairly 
robust and potentially complex privacy rules along with location information”. 
Flowever, he adds the caveat--which applies to all location tracking technologies: 
"It can’t, however, provide guarantees that those rules will be honoured or 
followed in any given situation".— 

Absent such rules or regulatory control of location information, there are profound 
societal consequences to enhanced location tracking, as A Report on the 
Surveillance Society points out: 

"... the concern remains that consumer surveillance will continue 
to perpetuate and amplify social divides and sorting that is 
antithetical to democratic principles. Consumer surveillance then 
stands to increase as a 'cybernetic triage’ separating consumers 
based on their presumed economic and political value rather than 
on their initiative and self-determination." 

Not surprisingly, there are also profound differences in awareness and attitude 
towards location technologies and their privacy impacts based on age. Various 
researchers, for example the Pew Research Center, have found that teenagers 
and young adults embrace new technologies with more enthusiasm and have far 
less regard for privacy consequences.This suggests the emergence of a 
generation that is techno-savvy but unfazed by the Orwellian possibilities of 
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location technology. 

Where to go from here? 

• How do we foster greater understanding of the privacy impacts of 
technologies such as Wi-Fi positioning systems? 

• If there are cultural, social and age divides that affect user attitudes 
towards technology, how can such divides be factored into the social 
acceptance of the technology, its purposes and consent to its use? 

• What role should privacy commissioners and civil society and privacy 
groups play in addressing location information privacy impacts? 
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